I have a thought - is there a possibility to get cookies from a curl POST request to a particular page?
I mean, I create the curl request with post fields, and then get the response of the page - but if the page has some cookies set as HttpOnly I won't be able to see them, right?
cUrl has the possibility to save cookies in a txt file, that's correct I did it and that is fantastic - but how can a split that .txt to save each cookie in a database ?
You can store cookies in .TXT which each time will have different name like Time/Date or you can do this.
$dir = dirname(__file__);
$config['cookie_file'] = $dir . '/cookies/' . md5($_SERVER['REMOTE_ADDR']) . 'txt';
This will save all cookies with User's IP in MD5 to COOKIES Folder.
or for directly storing into database.
$cookie = tempnam('cookie',rand(000000000,999999999));
and the after each request, you can send cookie to Database.
TIP:
cURL(cookie)
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
SQL(storing)
Use INSERT for adding cookies to database.
Related
If I go to a website, example.com/page1.php, it is a log-in page. When I log-in, it takes me to example.com/page2.php. If I close my browser and come back to page1 later, I’m still logged in and it automatically takes me to page2. That means there’s a cookie set and it knows I already logged in.
I want to use file_get_contents to get page2.php. When I try it, I get the contents of the log-in page instead. I assume that’s because file_get_contents doesn’t know a cookie is set and page2 is saying, you shouldn’t be here, you’re not logged in, so it bumps me back to page 1.
I realize I can use cURL to do the log-in, create a cookie and get the contents, like this….
$url = 'https://www.example.com/page1.php'; // the url of the login page
$post_data = "urerid=myusername&password=mypassword "; // The login data to post
$ch = curl_init(); // Create a curl object
curl_setopt($ch, CURLOPT_URL, $url ); // Set the URL
curl_setopt($ch, CURLOPT_POST, 1 ); // This is a POST query
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); //Set the post data
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Get the content
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // Follow Location redirects
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); // Set cookie storing files
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
$output = curl_exec($ch); // Execute the action to login
My problem is , I don’t want to log-in again (for reasons I don’t want to get into). Is there a way to let file_get_contents, cURL, or some other function, know I’m previously logged in and get the contents of page2. Since example.com is setting a cookie, can I access that cookie somehow and use it to avoid logging in again?
Why it wont work:
If the website is creating security cookie against xss , you cant simply take one user cookies and send request from diffrent IP while using them.
Even if the website is not using security hash , you cant access cookies belongs to a diffrent domain due security resones (you dont want that gmail.com could access your microsoft.com cookies)
to cut it short - the only way that could work is by :
Use SSO (with partner to the destination domain).
Use Cross-Domain support (with partner to the destination domain).
Get Access Tokens (like facebook is doing) if supported by the destination domain.
Request your users to login from your domain (by trusting you - which is bad) in order to let your site be able to access the other domain data.
Usually, when using a browser, session cookies expire when browser window closed.
But when using (php) cURL (and set COOKIE_FILE and COOKIE_JAR options), how long do they keep alive?
According to mozilla.org:
session cookie [...] is deleted when the client shuts down, because it didn't specify an Expires or Max-Age directive. However, web browsers may use session restoring, which makes most session cookies permanent, as if the browser was never closed.
According to the documentation of curl_setopt function:
By default, libcurl always stores and loads all cookies, independent if they are session cookies or not. Session cookies are cookies without expiry date and they are meant to be alive and existing for this "session" only.
If you save a cookie in a specified file with
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://stackoverflow.com');
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__) . '/cookie.txt');
$output = curl_exec($ch);
curl_close($ch);
Then, from the client perspective, the session will be active as long as CURLOPT_COOKIEJAR is set with the right cookie. This is a choice of your script.
While using cURL with some site, I noticed that some files that I requested actually used several variables from the cookie I set up with curl.
Here's a snapshot:
But when I check my cookie file all it reads is just one value for ASP.NET_SessionId:
www.*******.*** FALSE / FALSE 0 ASP.NET_SessionId ddj24l55lfu11nb1lhuflw55
Of course, the values from the snapshot are taken from my browser (Internet Explorer F12), and that cookie contains Three variables (not one).
Internet Explorer F12 cookie variables Name/Values:
NAME ASPSESSIONIDSACRDADD
VALUE LOONCEMDHCGEJOANEGHHFAFH
NAME ASPSESSIONIDSCBRABDC
VALUE CMONJEMDNICPNPNFICLAPMFM
NAME ASPSESSIONIDQACSBADC
VALUE MCBOGLCCKNIDDBOADNMPCLCD
this is my CURL settings for cookies:
$cookiefile = "d:/cookie.txt";
curl_setopt($curl, CURLOPT_COOKIESESSION, 1);
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiefile);
What is it that I may be missingin cURL ?
Thanks!
By the nature of the div collection, it looks to be like variables are from different browser sessions.
And Even if its not, its up to developer on how to create your application to set and read the data.
I would like to login to a site, so the first time I request a page, it redirects me to another page setting the cookies.
I am following a tutorial where they specify doing this
$cookie = '/tmp/cookies.txt';
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
But when i check http live headers, the server passes cookie information to set my cookies.
But i don't see it doing anything. When I examine the cookies, those values aren't there.
So do I have to specify another path for $cookie?
You've to use CURLOPT_COOKIEFILE for sending cookies instead of CURLOPT_COOKIE.
From the docs for function curl_setopt():
CURLOPT_COOKIE
The contents of the "Cookie: " header to be used in the HTTP request. Note that multiple cookies are separated with a semicolon followed by a space (e.g., "fruit=apple; colour=red")
CURLOPT_COOKIEFILE
The name of the file containing the cookie data. The cookie file can be in Netscape format, or just plain HTTP-style headers dumped into a file.
CURLOPT_COOKIEJAR
The name of a file to save all internal cookies to when the handle is closed, e.g. after a call to curl_close.
I'm using curl to get the contents of a webpage.. The website sets cookies when i visit them using browser..
Can i use the cURL same way and send a request to that specific website with the cookie information...????
Here are some of the option I found useful regarding curl and cookies.
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt' ); //use this cookie file
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.jar'); //if you close the session the cookies will be saved here
curl_setopt($ch, CURLOPT_COOKIE,"cookie_test=yes; domain=.google.com; path=/"); //set the cookie for the current session